An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737)

January 12, 2018

OpenSSL is a widely used library implementing the SSL and TLS protocols, which secure data using encryption and decryption based on cryptographic functions. However, a Security Bypass vulnerability, recently addressed in a patch by the OpenSSL Project, can be exploited to make vulnerable SSL clients or remote SSL servers send application data in the clear, without encryption. This Security Bypass vulnerability (CVE-2017-3737) is caused by an error when the SSL_read or SSL_write function handles an "error state" during an SSL handshake....
